Posted to dev@shindig.apache.org by "Tim Wintle (JIRA)" <ji...@apache.org> on 2008/10/27 14:10:44 UTC

[jira] Updated: (SHINDIG-662) Check protocol for proxy requests

     [ https://issues.apache.org/jira/browse/SHINDIG-662?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tim Wintle updated SHINDIG-662:
-------------------------------

    Attachment: fix_noProtocolCheck_bug.patch

Simple fix to ProxyHandler to check for protocol

> Check protocol for proxy requests
> ---------------------------------
>
>                 Key: SHINDIG-662
>                 URL: https://issues.apache.org/jira/browse/SHINDIG-662
>             Project: Shindig
>          Issue Type: Bug
>          Components: Gadget Rendering Server (PHP)
>         Environment: Multiple *nix
>            Reporter: Tim Wintle
>         Attachments: fix_noProtocolCheck_bug.patch
>
>   Original Estimate: 0.5h
>  Remaining Estimate: 0.5h
>
> ProxyHandler does not check the protocol of requests.
> -> On our development servers, a request to proxy "file://[some big logfile]" successfully tied up the server for 30 seconds of CPU time.
>     (The request was not passed back to the client, but this bug opens up a possibility for a DoS attack)
> Patch submitted simply checks that the requested URL includes http, https or ftp protocols if a protocol is specified.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
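
The check the issue describes (accept http, https or ftp when a protocol is specified), sketched as an added example; this is not the attached fix_noProtocolCheck_bug.patch or Shindig's own code. The names ALLOWED_PROXY_SCHEMES, proxyUrlSchemeAllowed and pinCurlProtocols are hypothetical, and fetching with PHP's curl extension is an assumption.

```php
<?php
// Added example: scheme allow-list for a fetch proxy. Not the SHINDIG-662 patch.
const ALLOWED_PROXY_SCHEMES = ['http', 'https', 'ftp'];

/**
 * Return true if $url may be fetched: either it names no protocol,
 * or the protocol it names is on the allow-list.
 */
function proxyUrlSchemeAllowed(string $url): bool
{
    $url = trim($url);
    if ($url === '') {
        return false;
    }
    // RFC 3986: scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ), then ":".
    if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $url, $m) !== 1) {
        return true; // no protocol specified
    }
    // Schemes are case-insensitive, so "FILE://" is caught as well.
    // Fails closed: "host:8080/x" with no scheme reads as scheme "host" and is refused.
    return in_array(strtolower($m[1]), ALLOWED_PROXY_SCHEMES, true);
}

/**
 * Assumption: the fetch is done with ext/curl. Pinning the protocols on the
 * handle keeps redirects inside the same allow-list as the initial request.
 */
function pinCurlProtocols($ch): void
{
    $mask = CURLPROTO_HTTP | CURLPROTO_HTTPS | CURLPROTO_FTP;
    curl_setopt($ch, CURLOPT_PROTOCOLS, $mask);
    curl_setopt($ch, CURLOPT_REDIR_PROTOCOLS, $mask);
}

// Constructed sample inputs (not taken from the issue).
$samples = [
    'http://example.com/gadget.xml',
    'HTTPS://example.com/a.png',
    'ftp://example.com/pub/file.txt',
    'example.com/gadget.xml',
    'file:///var/log/example.log',
    'FILE:///var/log/example.log',
    'gopher://example.com/',
];
foreach ($samples as $url) {
    printf("%-34s %s\n", $url, proxyUrlSchemeAllowed($url) ? 'allow' : 'reject');
}
```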